diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
index 49b6373673..113366430f 100644
--- a/sbom/cve-bin-tool-py3.8.json
+++ b/sbom/cve-bin-tool-py3.8.json
@@ -1,11 +1,11 @@
{
- "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
- "specVersion": "1.5",
- "serialNumber": "urn:uuid:3011e948-50cd-43d1-a1c6-42af9dba80ba",
+ "specVersion": "1.6",
+ "serialNumber": "urn:uuid:f71e88da-e1db-49f6-acbf-30c67afd914a",
"version": 1,
"metadata": {
- "timestamp": "2024-04-22T00:28:09Z",
+ "timestamp": "2024-04-29T00:27:35Z",
"tools": {
"components": [
{
@@ -361,6 +361,12 @@
},
"cpe": "cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*",
"description": "Internationalized Domain Names in Applications (IDNA)",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/idna/3.7",
@@ -699,6 +705,12 @@
},
"cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.3.0:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "c7cc834df1fddcf94bd35b740fef7c7ab8e9c350"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1376,6 +1388,12 @@
},
"cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "33833f031d9d36234e11d9671be150d53b9e598d"
+ }
+ ],
"licenses": [
{
"expression": "Apache-2.0 OR BSD-3-Clause"
@@ -1463,6 +1481,12 @@
},
"cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*",
"description": "C parser in Python",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "129d32ef805d715d90a3b2035b13168c17ca63d2"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1733,6 +1757,12 @@
},
"cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:7.1.0:*:*:*:*:*:*:*",
"description": "Read metadata from Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f5d6b5f3f3f6fffe01b340c5a19562433db148a9"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/importlib_metadata/7.1.0",
@@ -1767,6 +1797,12 @@
},
"cpe": "cpe:2.3:a:jason_r._coombs:zipp:3.18.1:*:*:*:*:*:*:*",
"description": "Backport of pathlib-compatible object wrapper for zip files",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "bfae83474a730e8cc9b8a71027fb859b46b3875c"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/zipp/3.18.1",
@@ -1801,6 +1837,12 @@
},
"cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.4.0:*:*:*:*:*:*:*",
"description": "Read resources from Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "1f4d3f10a3ed5d65b3092a39369c08e71e30a97c"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/importlib_resources/6.4.0",
@@ -1982,20 +2024,20 @@
"type": "library",
"bom-ref": "47-referencing",
"name": "referencing",
- "version": "0.34.0",
+ "version": "0.35.0",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:referencing:0.35.0:*:*:*:*:*:*:*",
"description": "JSON Referencing + Python",
"externalReferences": [
{
- "url": "https://pypi.org/project/referencing/0.34.0",
+ "url": "https://pypi.org/project/referencing/0.35.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/referencing@0.34.0",
+ "purl": "pkg:pypi/referencing@0.35.0",
"properties": [
{
"name": "language",
@@ -2082,7 +2124,7 @@
"type": "library",
"bom-ref": "50-lib4sbom",
"name": "lib4sbom",
- "version": "0.7.0",
+ "version": "0.7.1",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -2091,7 +2133,7 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"licenses": [
{
@@ -2103,12 +2145,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/lib4sbom/0.7.0",
+ "url": "https://pypi.org/project/lib4sbom/0.7.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.7.0",
+ "purl": "pkg:pypi/lib4sbom@0.7.1",
"properties": [
{
"name": "language",
@@ -2788,6 +2830,12 @@
},
"cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.11.0:*:*:*:*:*:*:*",
"description": "Backported and Experimental Type Hints for Python 3.8+",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d4d929d44bd984350e2d17726362295f588eaace"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/typing_extensions/4.11.0",
@@ -2901,7 +2949,7 @@
"type": "library",
"bom-ref": "69-xmlschema",
"name": "xmlschema",
- "version": "3.3.0",
+ "version": "3.3.1",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -2910,7 +2958,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
@@ -2922,12 +2970,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/xmlschema/3.3.0",
+ "url": "https://pypi.org/project/xmlschema/3.3.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@3.3.0",
+ "purl": "pkg:pypi/xmlschema@3.3.1",
"properties": [
{
"name": "language",
diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
index d14be66d1e..78994456f0 100644
--- a/sbom/cve-bin-tool-py3.8.spdx
+++ b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a059f2f9-c142-41b3-b870-0e0c0f91d08b
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-3e09fd99-db2d-4685-ac0b-5dc0d4c7b348
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.10.4
-Created: 2024-04-22T00:26:48Z
+Created: 2024-04-29T00:26:10Z
CreatorComment: This document has been automatically generated.
#####
@@ -141,6 +141,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
PackageDownloadLocation: https://pypi.org/project/idna/3.7
FilesAnalyzed: false
+PackageChecksum: SHA1: 1d365e17e10d72d0b7876316fc7b9ca0eebdd38d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -269,6 +270,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
PackageDownloadLocation: https://pypi.org/project/argcomplete/3.3.0
FilesAnalyzed: false
+PackageChecksum: SHA1: c7cc834df1fddcf94bd35b740fef7c7ab8e9c350
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
@@ -512,6 +514,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.5
FilesAnalyzed: false
+PackageChecksum: SHA1: 33833f031d9d36234e11d9671be150d53b9e598d
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
@@ -543,6 +546,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pycparser/2.22
FilesAnalyzed: false
+PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
@@ -639,6 +643,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com)
PackageDownloadLocation: https://pypi.org/project/importlib_metadata/7.1.0
FilesAnalyzed: false
+PackageChecksum: SHA1: f5d6b5f3f3f6fffe01b340c5a19562433db148a9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -654,6 +659,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com)
PackageDownloadLocation: https://pypi.org/project/zipp/3.18.1
FilesAnalyzed: false
+PackageChecksum: SHA1: bfae83474a730e8cc9b8a71027fb859b46b3875c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -669,6 +675,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Barry Warsaw (barry@python.org)
PackageDownloadLocation: https://pypi.org/project/importlib_resources/6.4.0
FilesAnalyzed: false
+PackageChecksum: SHA1: 1f4d3f10a3ed5d65b3092a39369c08e71e30a97c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -740,17 +747,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
PackageName: referencing
SPDXID: SPDXRef-Package-47-referencing
-PackageVersion: 0.34.0
+PackageVersion: 0.35.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/referencing/0.34.0
+PackageDownloadLocation: https://pypi.org/project/referencing/0.35.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.34.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.0:*:*:*:*:*:*:*
#####
PackageName: rpds-py
@@ -785,17 +792,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.1
PackageName: lib4sbom
SPDXID: SPDXRef-Package-50-lib4sbom
-PackageVersion: 0.7.0
+PackageVersion: 0.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.0
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.1
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:*
#####
PackageName: pyyaml
@@ -1044,6 +1051,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
PackageDownloadLocation: https://pypi.org/project/typing_extensions/4.11.0
FilesAnalyzed: false
+PackageChecksum: SHA1: d4d929d44bd984350e2d17726362295f588eaace
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
@@ -1085,17 +1093,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
PackageName: xmlschema
SPDXID: SPDXRef-Package-69-xmlschema
-PackageVersion: 3.3.0
+PackageVersion: 3.3.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.0
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.1
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*
#####
PackageName: elementpath